The Department of Justice is cultivating controversial plans to avoid or repeal portions of the Freedom of Information Act because of concerns the law might keep businesses from playing a crucial role in the Clinton Administration's computer network security plans.
Department of Justice official Steve Mitchell said that in discussions with businesses over the administration's plans to protection critical information infrastructure in the United States, FOIA emerged as a major obstacle to their participation. The businesses are afraid that their proprietary information could be made public under FOIA if they partner with government agencies.
"While some government agencies are able to offer assurances that they can protect information from FOIA disclosure, not all were able to do so," Mitchell said Wednesday during a conference panel previewing the administration's critical infrastructure protection plans, expected to be the subject of a symposium November 9.
Both Republican and Democratic critics of FIDNet reacted skeptically, with one Senate staffer calling the administration's expected proposal an unholy union of government agencies, who hate the hassle of dealing with FOIA requests, and businesses, who have never liked the law.
"The administration has not approached us and discussed this matter," said a spokesman for House Majority Leader Richard Armey, R-Texas, who has expressed concern about other aspects of the government's critical infrastructure proposals. "They need to be more forthcoming with Congress in what they want to do if they want Congress to change the law," said the spokesman, Richard Diamond.
A spokeswoman for Sen. Patrick Leahy, D-Vt., said that Leahy has been a defender of FOIA and expected a new battle over the Nixon-era law.
"There are already exemptions to FOIA, and if some need to be updated, refined, or examined, that is fine," said the staffer. "But to propose that any material provided by any company under the rubric of critical infrastructure protection is totally exempt from the FOIA, is a non-starter."
Mitchell said that many businesses are concerned that information provided to Information Sharing and Analysis Centers (ISACS) would, if shared with the government, become subject to public disclosure-"creating a great deal of uncertainty for private sector and trade association organizations."
One key aspect of the FIDNet plan, designed to please businesses, was to guarantee that specific details of vulnerabilities, commercial targets of hackers and other sensitive information would not become available to competitors or the public. If the potential for the FOIA law to eliminate that assurance is not removed-either through repeal or finding legal ways to circumvent open-record statutes-businesses "might not even position themselves around the table," Mitchell said.
Besides FOIA, other top concerns of industry include increased liability for sharing sensitive information about computer hacks and the possibility of antitrust prosecutions for collaborating with their competitors. In response to these concerns, Mitchell said that the Department of Justice has already established a series of working groups that are expected to present options to Richard Clarke, a senior director of the National Security Council, to "consider ways that legal implementation can be met through existing laws or whether legal reform is necessary."
Although stressing the tentative nature of the plans, Mitchell said the Department is considering a number of ways in which such sensitive information could travel via "protected ports" so that it could be circulated within the government while being exempted from FOIA on the grounds of national security or law enforcement.
"We were even considering ways, and this may be doable, to include state and local governments that might normally be subject to state shine rules," Mitchell said.
NEXT STORY: Budget Battles: The White House pounces